Agreed, fully. We understand the purpose of the exercises. It's not about the specific systems, etc, it's about testing leadership and incident response methodology, in general.
However, as I'd said, general public (not the IT-'informed') might not understand this, to the same degree, and thus, my questioning the public-release nature, even of the event taking place, let alone any detail on the outcomes, beforehand. I think it might have fared better had they gone through the drill, then after the fact, gone over the results of the response side of things, rather than opening it up, pre-simulation, to scrutiny or 'blind' questions from media, etc.
From the standpoint of those involved (industry analysts and lawmakers, as well as the folks formerly holding the critical positions,) I fully agree with their perspectives and knowledge being put to use for this, as well as for the lawmakers having opportunity to lend their insight and reasoning to form new policies and the like, in relation to this type of situation. Mind you, I know I'm being overly cautious / critical, and that ultimately, those in the know will NOT release any data that they shouldn't. (We are talking about politicians, right?
) Personally, though, I just don't think it was as wise to open the floor to public media, even just in acknowledgement, this soon, but rather, I'd have waited until after the exercise is concluded, to brief the rest of the world. (And then, again, only to brief them on generalities, and nothing specific.) Even though we are NOT talking about specific security and infrastructure systems and the like, directly, even giving a firm understanding of how the TEAM of invididuals works together, in this scenario, allows others to try to manipulate that system, and come up with other means to an end.
Even in penetration testing and security analysis, we often examine our clients' security policies for backup, data handling, incident handling / prevention, etc. That doesn't mean that if we question any of it, disagree or even agree with it, that we release it to other individuals outside the scope of the testing. It defeats the purpose of confidentiality, ethics and common sense. And while yes, this IS the United States' critical infrastructure we are talking about, that doesn't preclude US citizens, some of whom HAVE ill intentions, from using any given data against the system.
Understand, I fully agree with everything stated in this thread, from the nature of the testing and simulation, to the lessened severity of the outcome of simply simulating, and awareness of the results, per se. And these are FORMER post holders, not present, so there's no guarantee that the responses will be the same as they'd be with the current position holders involved in a real scenario. However, IF protocol is in place, as it SHOULD be, then 'technically' they should be following set procedures, etc, and those procedures do NOT need to be publicly scrutinized or disclosed, as it's the job of those in the proper positions of authority to adequately understand, react and rectify these types of situations, by procedural guidelines. (That's the point of this, right, to analyze current procedures and modify / change / better them, to accommodate future changes in technology and methodology, in order to come up with BETTER ones?)
That's my opinion, and again, I fully agree with the rest of the points by myself, unsupported, and Ash Chole.
Again, from the security-realm / world perspective, I'd still be interested in hearing any results of the procedural outcome, so if you hear anything, unsupported, let us know.